A Practical Approach to Manage Phishing Incident with URL Filtering

Post on 11-Feb-2016


A PRACTICAL APPROACH TO MANAGE PHISHING INCIDENT WITH URL FILTERING

Kasom Koth-Arsa, Surachai Chitpinityon, Julllawadee Maneesilp
Kasetsart University, Bangkok, Thailand.

AGENDA

- Introduction
- Objective
- Phishing Management System
- Conclusion

INTRODUCTION

- What is phishing?
- Why is phishing important?
- Who are we concerned about regarding phishing?

WHAT IS PHISHING?

- Phishing is an online form of deception.
- The attacker pretends to be someone else to obtain sensitive information from the victim.

WHY IS PHISHING IMPORTANT?

- A serious threat to Internet usage
- Growing very fast
- Frauds that affect many websites and organizations
- More advanced and complex techniques turn an organization's website into a seemingly trusted financial website to gain confidential user information.

WHO ARE WE CONCERNED ABOUT REGARDING PHISHING?

- Educational institutions are among the most attacked organizations.
- They organize their network systems by dividing them into many sub-departments.
- This hierarchical structure makes effective management and network-security enforcement challenging.

UNINET

- Largest university network provider in Thailand, run by the Ministry of Education
- 1 Gbps and 10 Gbps links countrywide
- UniNet has 431 member institutes:
  - 240 universities
  - 134 vocational schools
  - 57 primary schools
- 100,000 plus users
- Phishing becomes a serious problem!

OBJECTIVE

- Develop a phishing management solution that handles the whole anti-phishing process for UniNet:
  - Systematic procedure
  - Fast response
  - Tracking, monitoring and collecting phishing information
- Intelligent URL filtering system to enforce blocking of the specified URL:
  - Block only the phishing URL, not the whole site

PHISHING MANAGEMENT SYSTEM

- System Module
  - Account Management
  - Ticket Management
  - Web Filtering
- Interaction Diagram
- Use Case Diagram
- System Configuration

SYSTEM MODULE

[Figure: system modules. Labels: Incident Management Tracker & Reporter, URL Filtering, Account Management, Account Database, Phishing Database, Ticket Management]

ACCOUNT MANAGEMENT MODULE

- Users must register with our system before reporting a phishing website, using the following information:
  - Full name
  - Company
  - E-mail
  - Username
  - Password
- Identification procedure

TICKET MANAGEMENT MODULE

- Manage phishing events
- Easy to manage and track incidents using ticket status

[Figure: ticket statuses. Group labels: Ticket management, Incident management, Tracking & Reporting. Status labels: Created, Deleted, Opened, Verified, Canceled, Blocked, Site Take Down, Closed]

URL FILTERING (WEB SCREEN)

- The phishing system can block/unblock web access to the phishing site through the URL filtering system.

URL Filtering: TCP Session Hijacking Technique

- Intercept HTTP request
- Inject forged HTTP reply
- Block or redirect access to any given URL
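The matching step behind "Intercept HTTP request" and "Block only the phishing URL, not the whole site", as an added example that is not taken from the slides or from the UniNet system. The function names, the blocklist entry and the sample requests are constructed, and ignoring the query string when matching is an assumption.

```python
import posixpath
from urllib.parse import unquote, urlsplit

def canonical(host, target):
    """Reduce a Host header plus request target to one comparable (host, path) key."""
    if "://" in target:                       # absolute-form target, or a blocklist URL
        parts = urlsplit(target)
        host, target = parts.netloc, parts.path or "/"
    host = host.strip().lower()
    if host.endswith(":80"):                  # default port is the same site
        host = host[:-3]
    host = host.rstrip(".")
    # Assumption: the query string and fragment are ignored when matching.
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    # normpath collapses "//", "/./" and "/../" and drops a trailing slash, so
    # equivalent spellings of the blocked page map to the same key.
    return host, posixpath.normpath("/" + path.lstrip("/"))

def parse_request(payload):
    """Extract the key from the first captured segment of an HTTP/1.x request."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    request_line = head[0].split(" ")
    if len(request_line) != 3 or not request_line[2].startswith("HTTP/"):
        return None                           # not an HTTP request
    host = ""
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value
    return canonical(host, request_line[1])

# Constructed blocklist entry: one page on a departmental server, not the server.
BLOCKED = {canonical("", u) for u in (
    "http://dept.university.example/~user/bank/login.php",
)}

def verdict(payload):
    """Return "block" only when the request names a listed URL, otherwise "pass"."""
    return "block" if parse_request(payload) in BLOCKED else "pass"

# Constructed sample requests as the engine would see them on the mirrored link.
PHISH = b"GET /~user/bank/login.php?id=1 HTTP/1.1\r\nHost: dept.university.example\r\n\r\n"
OBFUSCATED = (b"GET /~user/bank/../bank/%6Cogin.php HTTP/1.1\r\n"
              b"Host: DEPT.University.Example:80\r\n\r\n")
SAME_SITE = b"GET /index.html HTTP/1.1\r\nHost: dept.university.example\r\n\r\n"
NOT_HTTP = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"
```

Without the normalisation, the second request would slip past an exact string match while still reaching the same page.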

PASS-BY URL FILTERING

- Traffic is captured and passed by without queuing
  - Zero delay, independent of traffic volume
- Ease of installation (no traffic interruption)
- Non-blocking traffic stream
- No single point of failure
- Scalable

[Figure: Client, Gateway, Internet and Filtering Engine]

TCP SESSION HIJACKING

[Figure: message sequence between Client, Filtering and Server. Labels: SYN J; SYN K, ACK J+1; ACK K+1; FIN L; Data (HTTP request); Data (reply); Packet will be ignored; Faked FIN by Filtering Engine]

INTERACTION DIAGRAM

[Figure: interaction diagram. Actors: Company, UniNet Administrator, University Administrator, Web Filtering Engine. Message labels:]

- Block the phishing URL
- Inform the corresponding university administrator to investigate the incident
- Re-verify the URL
- Cancel the blocking of the URL
- The ticket is set to canceled
- Server investigation/cleaning
- Close the ticket, inform both parties
- Inform that the server is already clean
- Report a phishing URL (open a ticket)
- Verify URL

USE CASE DIAGRAM

[Figure: use case diagram. Actors: Company, UniNet Administrator, University Administrator. Use cases:]

- Create ticket
- Manage Account
- Block/unblock URL
- View ticket
- Change ticket status
- Notify incident cleared
- Create Account

SYSTEM CONFIGURATION

[Figure: system configuration. Labels: Gateway, Phishing Filtering Engine, Internet, UniNet Network Backbone, Phishing Management, 10G and 1G links, SPAN, management]

USER TICKET TRACKING SCREENSHOT

CONCLUSION

- The Phishing Management System is now in initial deployment on the UniNet infrastructure
- Enables UniNet to respond more quickly to phishing incidents
- Enables statistical logging that helps UniNet anticipate future problems and improve network security
- Designed to handle a 10 Gbps network (needs some more hardware to complete)

THANK YOU.